#!/bin/sh
set -e

# This is not covered by the CVE and harmless by itself, but used in
# the exploit and while harmless it is also pointless to allow it

TESTDIR="$(readlink -f "$(dirname "$0")")"
. "$TESTDIR/framework"

setupenvironment
configarchitecture 'amd64'

export APT_DONT_SIGN='InRelease'

insertpackage 'unstable' 'foo' 'all' '1'
setupaptarchive
rm -rf rootdir/var/lib/apt/lists

verify() {
	testfailure apt update
	testsuccess grep '^  Detached signature file' rootdir/tmp/testfailure.output
	testfailure apt show foo
}

msgmsg 'Payload after detached signature'
find aptarchive -name 'Release.gpg' | while read FILE; do
	cp -a "$FILE" "${FILE}.bak"
	echo "evil payload" >> "$FILE"
done
verify

msgmsg 'Payload in-between detached signatures'
find aptarchive -name 'Release.gpg' | while read FILE; do
	cat "${FILE}.bak" >> "$FILE"
done
verify

msgmsg 'Payload before detached signature'
find aptarchive -name 'Release.gpg' | while read FILE; do
	echo "evil payload" > "$FILE"
	cat "${FILE}.bak" >> "$FILE"
done
verify
